1

My code for wrap and unwrap public and private key 

public void BasicWrapAndUnwrapKeyTest()
{
    using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath,     Settings.AppType))
    {
        // Find first slot with token present
        Slot slot = Helpers.GetUsableSlot(pkcs11);

        // Open RW session
        using (Session session = slot.OpenSession (SessionType.ReadWrite))
        {
            // Login as normal user
            session.Login(CKU.CKU_USER, Settings.NormalUserPin);

            // Generate asymetric key pair
            ObjectHandle publicKey = null;
            ObjectHandle privateKey = null;
            GenerateKeyPair(session, out publicKey, out privateKey);

            // Generate wrapping key
            ObjectHandle secretKey = GenerateKey(session);

            // Generate random initialization vector
            byte[] iv = session.GenerateRandom(8);

            // Specify wrapping mechanism
            Mechanism mechanism = new Mechanism(CKM.CKM_DES3_CBC, iv);

            // Wrap private key
            byte[] wrappedKey = session.WrapKey(mechanism, secretKey, privateKey);

            // Define attributes for unwrapped key
            List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, "unwrapped_private"));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_EXTRACTABLE, true));

            // Unwrap private key
            ObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes);

            session.DestroyObject(privateKey);
            session.DestroyObject(publicKey);
            session.DestroyObject(secretKey);
            session.DestroyObject(unwrappedKey);
            session.Logout();
        }
    }
}

After run this code I got the following error:

Message = "Method C_WrapKey returned CKR_MECHANISM_INVALID"

double-beep
  • 5,031
  • 17
  • 33
  • 41
Noppadol
  • 11
  • 3

1 Answers1

0

By returning CKR_MECHANISM_INVALID error your unmanaged PKCS#11 library is telling you that "An invalid mechanism was specified to the cryptographic operation". You can check with GetMechanismInfo() method that your unmanaged library supports key wrapping with CKM_DES3_CBC mechanism i.e.:

MechanismInfo mechanismInfo = selectedSlot.GetMechanismInfo(CKM.CKM_DES3_CBC);
if (!mechanism.MechanismFlags.Wrap)
    throw new Exception("Key wrapping with CKM_DES3_CBC is not supported.");
jariq
  • 11,681
  • 3
  • 33
  • 52
  • Thanks jariq . Can you advise cryptographic operation for wrap private key? – Noppadol Sep 11 '18 at 06:59
  • It depends on your unmanaged PKCS#11 library which wrapping mechanisms are supported and which are not. It's almost always the best to consult library documentation or contact its vendor. – jariq Sep 11 '18 at 18:07